Have you considered the individuals who contribute to our collective success? We invite you to learn more about the driving forces within our community.

Meet John Stoner, our Global Principal Security Strategist. He is all about making security teams more effective and does this by breaking down complex data, addressing new threats, and sharing his widely respected SecOps best practices. John is on a mission to simplify the complexities of security operations, starting with data understanding. From his love for insightful blogs to his passion for bridging the gap between business and security, John's insights are a valuable resource for our community.

John Stoner Global Principal Security Strategist “Stay intellectually curious, it goes such a long way in security...”

Questions and Answers

Q: What makes you excited about going to work every day?

A: Being able to build content that helps educate practitioners how Google SecOps can be used.

Q: If you could change one thing about security operations with a snap of your finger, what would it be?

A: There are many moving parts in security operations, but I think one that everyone struggles with is initially understanding the data that has just been collected. For instance, if you work with Crowdstrike data for 6 months, you probably know most of the key values with the data and don't think anything of it. But your colleague who was using MDE last week and just looked at Crowdstrike for the first time today has a nice learning curve in front of them. Then multiply that by all the other datasets you collect...And then add to it bringing analysts on board who are new to the role. That can present a steep learning curve, so helping users introspect their data and helping them understand what they have, to me, is an area I would love to see solved.

Q: Which security content do you like sharing with others or appreciate that is shared with you?

A: I enjoy blogs, both writing them but also reading them to learn how something works. A great example are blogs that break down a specific attack and adding associated detection logic to help folks get started is a plus.

Q: What do you love most about security operations?

A: The threat space is constantly evolving and security operations are critical to an organization. There are always new things to learn and security operations serve as the intersection between the business and protecting the business. Further, security operations provide a great way to pivot to other areas of security including threat hunting, incident response, and detection engineering to name just a few.

Q: How do you stay up-to-date with industry trends and developments?

A: It's tough because the space is so broad between different cloud vendors, endpoint and network tools and platforms, so industry conferences, blogs and continual training are just a few ways I try to keep up with things. I've found some interesting stuff on LinkedIn recently as well.

Fun Fact: I enjoy listening to what a former teammate of mine referred to as "alt80s sad timey music" and despite another friend's recent attempts, I am firmly rooted in that sweet spot of the musical genre.